malware

  1. DooKey

    You Might Have a 50/50 Chance to get Your Data Back if You Pay That Ransom

    According to a survey sent to 1,200 IT security personnel and decision makers around the world only about half of those who paid the ransom after being infected by ransomware were able to get their data back. The reasons for this are multiple, but the moral to this story is back up your data...
  2. R

    POS Malware Discovered at Applebee's

    In a report from Threatpost, it appears that malware was discovered on the point of sale systems at more than 160 Applebee's restaurants. The stores are all owned by RHM Franchise Holdings, who said it recently discovered the malware that may have enabled hackers to steal guests' names, credit...
  3. R

    New CryptoJacking Malware Alters Clipboard to Steal Cryptocurrency

    Unit 42 researchers have discovered a new malware that steals cryptocurrency by replacing clipboard addresses with an attacker-controlled address. The malware was spread by a "malspam" campaign with an email claiming a passport was lost, and a PDF attached had a copy of the scanned document. The...
  4. L

    Flight Sim company adds malware to software as DRM

    https://www.rockpapershotgun.com/2018/02/19/flight-sim-group-put-malware-in-a-jet-and-called-it-drm/ Seriously, they added a check in their installer and if your SN was considered invalid it ran a chrome password dumper and sent the contents back to themselves. When caught they called the...
  5. R

    Cryptojacking Hits Over 4,000 Websites Including Government Pages

    Security researcher Scott Helme is reporting that a Cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were Government sites. It turns...
  6. DooKey

    Intel Continuing to Work on Spectre/Meltdown Patches

    Navin Shenoy, of Intel, says they have found the problem with the reboot issue on Broadwell and Haswell firmware updates and they have released more microcode for their Skylake platforms to the OEMs. The plan is to continue to test the updates and release them as soon as possible to the field...
  7. DooKey

    Cryptojacking Attack Hits Water Utility in Europe

    Cryptojacking attacks are becoming more and more common these days and now it appears a utility company is the first victim of attacks against critical infrastructure. Security company Radiflow discovered the malware recently and found that it had been running on the network for 3 weeks totally...
  8. DooKey

    Stealthy Data Exfiltration Possible via Magnetic Fields

    Researchers in Israel have come up with a couple of unique pieces of malware that can be used to steal data using the magnetic fields generated by a CPU. As a matter of fact they demonstrated this can even work if the CPU is inside of a Faraday cage. These guys have found many ways to get data...
  9. FrgMstr

    Fruitfly Mac Malware Creator Charged

    Creepers gonna creep and Phillip Durachinsk, an Ohio man, was doing just that and getting away with it for 13 years using his own Fruitfly malware. Fruitfly is a Mac-targeted malware and was not ever discovered until January of 2017. It seems as though Durachinsk was using Fruitfly to...
  10. DooKey

    Microsoft Word subDoc Feature Abused to Steal Windows Credentials

    Rhino Labs has discovered a new way to get your Windows credentials using the subDoc feature of Microsoft Word. The bad guys insert a sub-document into a Word file from a server out on the internet. This sub-document tricks the PC into giving up the NTLM hash needed for authentication. Once...
  11. DooKey

    Chrome Extension Pushing Out Cryptominer

    It appears that over 100K users have downloaded a Chrome extension called Archive Poster that is mining Monero whenever the browser is open. It seems like every day there's a new cryptomining malware release and all the browsers are being hijacked one way or the other. Also, this thing has been...
  12. DooKey

    New Cryptomining Malware Spreading Through Facebook Messenger

    The good folks at Trend Micro have discovered a new cryptomining bot in the wild and it spreads through Facebook Messenger. The good news is this one won't melt down your phone or tablet and the bad news is it will infect your Chrome web browser on your desktop. If you get a video file through...
  13. DooKey

    Jack of all Trades Malware Discovered

    A new Android trojan that is distributed by advertising campaigns, Trojan.AndroidOS.Loapi, is making the rounds and this one is a bit different. Loapi is a modular trojan that can conduct many different attacks. It can mine crypto, launch DDoS attacks, annoy with constant ads and other types...
  14. DooKey

    Microsoft Issues Emergency Update to their Malware Protection Engine

    Microsoft has released an emergency update to their malware protection engine that most users should get automatically. What makes this so funny is the fact that what's supposed to protect your system has to be fixed to protect itself. Anyway, it could have been worse if MS called this a...
  15. DooKey

    Mobile Malware Incidents Hit 100% of Businesses

    Every business with BYOD and corporate mobile device users across the globe has been exposed to mobile malware, with an average of 54 attempts per company played out within a 12-month period, according to a Check Point report released Friday. The report also notes that 94% of security...
  16. DooKey

    Kaspersky: Clumsy NSA Leak Snoop's PC Was Packed With Malware

    Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets. The Register has a good article worth reading that ties everything together. We covered this a bit...
  17. DooKey

    U.S. Government Issues Joint Technical Alert About Malware from North Korea

    US-CERT has released a joint technical alert on malware attacks linked to North Korean IP addresses. They say a remote administration tool called FALLCHILL is being deployed by a group called Hidden Cobra. The North Koreans are using this to attack aerospace, telecommunications, and finance...
  18. DooKey

    Hackers Continue to Abuse Digital Certs

    It's not a new thing for hackers to abuse stolen digital code-signing certificates, but the scope and scale of it appears to be much more widespread than security researchers thought. The University of Maryland found 72 compromised certificates after analyzing field data collected by Symantec...
  19. DooKey

    Coin Miner Mobile Malware Returns, Hits Google Play

    Those pesky hackers are once again planting malware in apps to use your hardware for making money through mining. They are back in Android apps and they're on Google Play and ready to rock. If you feel your phone heating up and the battery going down it might just be a similar app. Come on...
  20. DooKey

    Hackers Prepping IOTroop Botnet with Exploits

    According to Threatpost, hackers are getting closer to launching full-scale DDoS attacks using millions of IoT devices that have been herded into the botnet known as Reaper or IOTroop. Hackers are swapping scripts on forums that can scan the internet for vulnerable IoT devices. This is getting...
  21. DooKey

    Hackers Target Security Researchers With Malware-Laden Document

    State-backed hackers are targeting security researchers (WARNING auto play video) in their latest campaign. They are sending malware-infested documents disguised as an advertisement for a cybersecurity conference. The malware variant is Seduploader, and has been used in previous campaigns by...
  22. DooKey

    Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

    There's a newly discovered unpatched attack method out there that exploits a built-in feature of Microsoft Office. Apparently it is currently being used in various widespread malware attack campaigns. This new method uses DDE and doesn't require a macro to work. The way to protect yourself is...
  23. FrgMstr

    Another Cryptomining Browser Hijack Joins the Scene

    Coinhive has gotten a considerable amount of coverage lately, here, here, and here, just to name a few. If you are not yet familiar, your computer's resources are basically used to mine cryptocurrency when you visit a website with the protocol installed by the owner, or it has been hacked into...
  24. R

    New Malware Abuses PowerPoint Slide Show

    In a blog post by Trend Micro, they outline a new malware that abuses PowerPoint Slide Show. Per the article, the exploit arrives as a spear-phishing email attachment that drops a remote access tool. They believe the targeted attack involves the use of a sender address disguised as a legitimate...
  25. FrgMstr

    CopyCat Malware Infects Over 14M Android Devices

    While over half of the CopyCat malware infections on Android are located in Asia, there are over 250K infections verified in the USA. This Android malware's primary function is one you might not notice easily either. It is going about making its money by hijacking advertisement identifiers...
  26. M

    Android Malware Features a Dangerous New Attack

    Beware Android users, there's a trojan called Dvmap, using new techniques and good ol' false sense of security to infect your devices. Kaspersky Lab researchers discovered the malware disguising itself as a simple puzzle game, colourblock. The developers bypassed software checks by first...
  27. Zarathustra[H]

    Linux.MulDrop.14 Malware Mines for Cryptocurrency Using Raspberry Pi Devices

    A few weeks ago we reported on Adylkuzz, a malware that uses the same attack vector as the WannaCry ransomware, but rather than extort you for money by holding your data hostage, it installs cryptocurrency mining software on your machine, and mines cryptocurrency to the benefit of its creator...
  28. FrgMstr

    Adylkuzz Cryptocurrency Mining Malware Spreading

    "Good" malware is the kind the person is not even aware of, right? And "good" malware prevents the spread of other malware, right? The ProofPoint website has a write-up on the Adylkuzz malware, that is much like the WannaCry RansomWorm in that it spreads the same way. Instead of holding your...
  29. FrgMstr

    WannaCry RansomWare RansomWorm Analysis

    It looks as if our in-house security experts were on target when discussing this topic a couple of days ago. Our thoughts were that the subsequent variants of the WannaCry malware were not attached to the original author, as the new variants were coded very sloppily compared to the original...
  30. Seankay

    Has anyone got in touch with WanaCry people?

    There must be some victims who would have contacted them. I am very much interested in knowing what they said. Please share with me if anyone finds any story relating to it!
  31. FrgMstr

    HandBrake on Mac Malware from the Source

    While this will likely not impact a tremendous amount of HardOCP readers, it is worthy of noting that if you have recently downloaded and installed HandBrake for Mac, directly from the HandBrake site, you might be at risk for having been infected with malware. Now, if you use a Mac, you are...
  32. Schtask

    Experimental Shishiga Malware Targets Linux

    In the real world, the Shishiga has taken on a more ethereal form. Researchers at ESET have discovered a nasty piece of malware that operates by brute-forcing weak telnet and SSH credentials on the Linux OS in an effort to plant itself on a victim device. Upon first inspection, Linux/Shishiga...
  33. cageymaru

    New Malware Strain Intentionally Bricks IoT Devices

    Brickerbot is a new strain of malware that intentionally bricks unsecured Linux BusyBox-based IoT devices. Unsecured devices are typically placed into service without changing the default password, thus allowing anyone that can Google the default password for a product line to take control of...
  34. Schtask

    Security Products Are No Match For The Double Agent

    Security researchers at Cybellum have identified a Zero-Day attack that grants full control over many Antivirus solutions on the market today. Born from the ashes of a 15 year old Microsoft tool, Cybellum has named this attack "Double Agent". Double Agent uses Microsoft's fairly ancient "MS...
  35. Zarathustra[H]

    Preinstalled Android Malware Targeting Mobile Users

    Check Point Software Technologies has released a report showing that many popular Android smartphones are being infected with malware and spyware before users take delivery of their new devices. Researchers have determined that the malware is not a part of the official vendors images for...
  36. cageymaru

    Research Scientists Show that Intel SGX can Leak Cryptography Keys

    Intel's SGX or Software Guard Extensions were designed to hide sensitive data such as RSA keys. A team of researchers from Austria's Graz University of Technology were able to write a proof-of-concept malware that can grab RSA keys from SGX enclaves on the same system within 5 minutes of...
  37. FrgMstr

    File-Less Malware Attack Uncovered & Identified

    Rule # 119 of the Cyber-Squirrel Handbook: Sometimes it's best not to taunt a Cyber Security Organization with hidden code in super stealthy malware. On the 24th of February, Twitter user Simpo posted a picture of a string of malicious code with the words "SourceFireSux" encoded in Base64...
  38. Zarathustra[H]

    Russian Police Arrest Lurk Malware Gang Suspects

    If you enjoy seeing malware suspects cuffed, on the floor, and in their underwear, have we got one for you! Russian police just completed their second wave of arrests in a coordinated action to move on the Lurk malware gang, allegedly responsible for using a botnet to target corporate accounts...
  39. M

    Possible Malware Issue, Need Help - PC stuck in reboot loop

    I am trying to figure out whether a PC can be salvaged or not. It has Windows "Embedded" which is somewhat unfamiliar territory for me. Currently, if you turn the PC on, it shows a screen that says Windows Embedded and some company information (from the vendor that originally supplied the PC.)...
  40. M

    Malware/Virus Removal Toolkit?

    I haven't had to deal with this in a while, but I am trying to help out a friend with a particularly bad malware-infected PC. A few years ago there was a kit out there that worked incredibly well, but I cannot remember what it was called. It was basically a bundle of several free programs and...